Lucene search
+L

11 matches found

NVD
NVD
added 2024/03/21 2:49 a.m.14 views

CVE-2023-49979

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.5CVSS6.4AI score0.00745EPSS
Exploits1References2
NVD
NVD
added 2024/03/06 1:15 a.m.10 views

CVE-2023-49973

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...

6.1CVSS5.6AI score0.0045EPSS
Exploits1References2
Prion
Prion
added 2024/03/06 1:15 a.m.12 views

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...

5.9AI score0.00466EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2024/03/06 12:0 a.m.14 views

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

5.9AI score0.00433EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.14 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...

8.6AI score0.0115EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.24 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...

8.2AI score0.00818EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.20 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/index.php?page=editcustomer...

8.2AI score0.00519EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.19 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customersupport/ajax.php...

8.6AI score0.00761EPSS
Exploits1References2
CVE
CVE
added 2024/03/04 12:0 a.m.94 views

CVE-2023-49968

The CVE-2023-49968 entry covers a SQL injection in Customer Support System v1, exploitable via the id parameter on /customer_support/manage_department.php. The issue is caused by insufficient input validation in that parameter, allowing an attacker to alter SQL query logic and potentially access ...

7.3CVSS8.1AI score0.00456EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/03/01 10:15 p.m.19 views

Authorization

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

7AI score0.00776EPSS
Exploits1References3
CVE
CVE
added 2024/03/01 12:0 a.m.74 views

CVE-2023-49545

CVE-2023-49545 affects the Customer Support System v1. The vulnerability is a directory listing flaw that allows an attacker to enumerate directories and sensitive files without requiring authorization. The provided connected sources corroborate this description across multiple feeds (NVD/Red Hat...

7.5CVSS6.6AI score0.00776EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder